package com.iyang.jpa.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @Author: Mu_YI
 * @Date: 2019/7/21 21:45
 * @Version 1.0
 */

@Component
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*super.configure(auth);*/
        // 设置关于用户账号信息和权限
        auth.inMemoryAuthentication().withUser("admin").password("123456").authorities("add","delete");
        auth.inMemoryAuthentication().withUser("yang").password("123456").authorities("add");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*super.configure(http);*/
        // 配置拦截资源
        /*http.authorizeRequests().antMatchers("/**").fullyAuthenticated().and().httpBasic();*/
        http.authorizeRequests().antMatchers("/add").hasAnyAuthority("add").
                antMatchers("/delete").hasAnyAuthority("delete").
                antMatchers("/**").fullyAuthenticated().and()/*.formLogin();*/.httpBasic();
    }

    @Bean
    public static NoOpPasswordEncoder passwordEncoder(){
        return (NoOpPasswordEncoder)NoOpPasswordEncoder.getInstance();
    }

}
